[gentoo-commits] gentoo-x86 commit in app-arch/cpio/files: cpio-2.9-CVE-2007-4476.patch digest-cpio-2.9-r1 - gentoo-commits

From:	"Mike Frysinger (vapier)" <vapier@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo-x86 commit in app-arch/cpio/files: cpio-2.9-CVE-2007-4476.patch digest-cpio-2.9-r1
Date:	Sun, 28 Oct 2007 21:40:26
Message-Id:	`E1ImFro-0000tL-Uf@stork.gentoo.org`

1

vapier      07/10/28 21:40:20

2

3

  Added:                cpio-2.9-CVE-2007-4476.patch digest-cpio-2.9-r1

4

  Log:

5

  Add fix for CVE-2007-4476 #196978.

6

  (Portage version: 2.1.3.16)

7

8

Revision  Changes    Path

9

1.1                  app-arch/cpio/files/cpio-2.9-CVE-2007-4476.patch

10

11

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-arch/cpio/files/cpio-2.9-CVE-2007-4476.patch?rev=1.1&view=markup

12

plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-arch/cpio/files/cpio-2.9-CVE-2007-4476.patch?rev=1.1&content-type=text/plain

13

14

Index: cpio-2.9-CVE-2007-4476.patch

15

===================================================================

16

http://bugs.gentoo.org/196978

17

18

--- lib/paxnames.c

19

+++ lib/paxnames.c

20

@@ -36,15 +36,27 @@

21

   return strcmp (name1, name2) == 0;

22

}

23

24

-/* Return zero if TABLE contains a copy of STRING; otherwise, insert a

25

-   copy of STRING to TABLE and return 1.  */

26

-bool

27

-hash_string_insert (Hash_table **table, char const *string)

28

+/* Return zero if TABLE contains a LEN-character long prefix of STRING,

29

+   otherwise, insert a newly allocated copy of this prefix to TABLE and

30

+   return 1.  If RETURN_PREFIX is not NULL, point it to the allocated

31

+   copy. */

32

+static bool

33

+hash_string_insert_prefix (Hash_table **table, char const *string, size_t len,

34

+			   const char **return_prefix)

35

{

36

   Hash_table *t = *table;

37

-  char *s = xstrdup (string);

38

+  char *s;

39

   char *e;

40

41

+  if (len)

42

+    {

43

+      s = xmalloc (len + 1);

44

+      memcpy (s, string, len);

45

+      s[len] = 0;

46

+    }

47

+  else

48

+    s = xstrdup (string);

49

+

50

   if (! ((t

51

 	  || (*table = t = hash_initialize (0, 0, hash_string_hasher,

52

 					    hash_string_compare, 0)))

53

@@ -52,7 +64,11 @@

54

     xalloc_die ();

55

56

   if (e == s)

57

-    return 1;

58

+    {

59

+      if (return_prefix)

60

+	*return_prefix = s;

61

+      return 1;

62

+    }

63

   else

64

{

65

       free (s);

66

@@ -60,6 +76,14 @@

67

}

68

}

69

70

+/* Return zero if TABLE contains a copy of STRING; otherwise, insert a

71

+   copy of STRING to TABLE and return 1.  */

72

+bool

73

+hash_string_insert (Hash_table **table, char const *string)

74

+{

75

+  return hash_string_insert_prefix (table, string, 0, NULL);

76

+}

77

+

78

 /* Return 1 if TABLE contains STRING.  */

79

 bool

80

 hash_string_lookup (Hash_table const *table, char const *string)

81

@@ -88,7 +112,8 @@

82

    If ABSOLUTE_NAMES is 0, strip filesystem prefix from the file name. */

83

84

 char *

85

-safer_name_suffix (char const *file_name, bool link_target, bool absolute_names)

86

+safer_name_suffix (char const *file_name, bool link_target,

87

+		   bool absolute_names)

88

{

89

   char const *p;

90

91

@@ -121,11 +146,9 @@

92

93

       if (prefix_len)

94

{

95

-	  char *prefix = alloca (prefix_len + 1);

96

-	  memcpy (prefix, file_name, prefix_len);

97

-	  prefix[prefix_len] = '\0';

98

-

99

-	  if (hash_string_insert (&prefix_table[link_target], prefix))

100

+	  const char *prefix;

101

+	  if (hash_string_insert_prefix (&prefix_table[link_target], file_name,

102

+					 prefix_len, &prefix))

103

{

104

 	      static char const *const diagnostic[] =

105

{

1.1                  app-arch/cpio/files/digest-cpio-2.9-r1

110

111

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-arch/cpio/files/digest-cpio-2.9-r1?rev=1.1&view=markup

112

plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-arch/cpio/files/digest-cpio-2.9-r1?rev=1.1&content-type=text/plain

113

114

Index: digest-cpio-2.9-r1

115

===================================================================

116

MD5 e387abfdae3a0b9a8a5f762db653a96d cpio-2.9.tar.bz2 758195

117

RMD160 6fbd93755e266ad7ff9644cb7fe3c3e54d61ac44 cpio-2.9.tar.bz2 758195

118

SHA256 bb9a5fa693a8f4ef4685eb447cea1dc5b787e37c302569928ef74df460724707 cpio-2.9.tar.bz2 758195

--

123

gentoo-commits@g.o mailing list

1	vapier 07/10/28 21:40:20
2
3	Added: cpio-2.9-CVE-2007-4476.patch digest-cpio-2.9-r1
4	Log:
5	Add fix for CVE-2007-4476 #196978.
6	(Portage version: 2.1.3.16)
7
8	Revision Changes Path
9	1.1 app-arch/cpio/files/cpio-2.9-CVE-2007-4476.patch
10
11	file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-arch/cpio/files/cpio-2.9-CVE-2007-4476.patch?rev=1.1&view=markup
12	plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-arch/cpio/files/cpio-2.9-CVE-2007-4476.patch?rev=1.1&content-type=text/plain
13
14	Index: cpio-2.9-CVE-2007-4476.patch
15	===================================================================
16	http://bugs.gentoo.org/196978
17
18	--- lib/paxnames.c
19	+++ lib/paxnames.c
20	@@ -36,15 +36,27 @@
21	return strcmp (name1, name2) == 0;
22	}
23
24	-/* Return zero if TABLE contains a copy of STRING; otherwise, insert a
25	- copy of STRING to TABLE and return 1. */
26	-bool
27	-hash_string_insert (Hash_table *table, char const string)
28	+/* Return zero if TABLE contains a LEN-character long prefix of STRING,
29	+ otherwise, insert a newly allocated copy of this prefix to TABLE and
30	+ return 1. If RETURN_PREFIX is not NULL, point it to the allocated
31	+ copy. */
32	+static bool
33	+hash_string_insert_prefix (Hash_table *table, char const string, size_t len,
34	+ const char **return_prefix)
35	{
36	Hash_table t = table;
37	- char *s = xstrdup (string);
38	+ char *s;
39	char *e;
40
41	+ if (len)
42	+ {
43	+ s = xmalloc (len + 1);
44	+ memcpy (s, string, len);
45	+ s[len] = 0;
46	+ }
47	+ else
48	+ s = xstrdup (string);
49	+
50	if (! ((t
51	\|\| (*table = t = hash_initialize (0, 0, hash_string_hasher,
52	hash_string_compare, 0)))
53	@@ -52,7 +64,11 @@
54	xalloc_die ();
55
56	if (e == s)
57	- return 1;
58	+ {
59	+ if (return_prefix)
60	+ *return_prefix = s;
61	+ return 1;
62	+ }
63	else
64	{
65	free (s);
66	@@ -60,6 +76,14 @@
67	}
68	}
69
70	+/* Return zero if TABLE contains a copy of STRING; otherwise, insert a
71	+ copy of STRING to TABLE and return 1. */
72	+bool
73	+hash_string_insert (Hash_table *table, char const string)
74	+{
75	+ return hash_string_insert_prefix (table, string, 0, NULL);
76	+}
77	+
78	/* Return 1 if TABLE contains STRING. */
79	bool
80	hash_string_lookup (Hash_table const table, char const string)
81	@@ -88,7 +112,8 @@
82	If ABSOLUTE_NAMES is 0, strip filesystem prefix from the file name. */
83
84	char *
85	-safer_name_suffix (char const *file_name, bool link_target, bool absolute_names)
86	+safer_name_suffix (char const *file_name, bool link_target,
87	+ bool absolute_names)
88	{
89	char const *p;
90
91	@@ -121,11 +146,9 @@
92
93	if (prefix_len)
94	{
95	- char *prefix = alloca (prefix_len + 1);
96	- memcpy (prefix, file_name, prefix_len);
97	- prefix[prefix_len] = '\0';
98	-
99	- if (hash_string_insert (&prefix_table[link_target], prefix))
100	+ const char *prefix;
101	+ if (hash_string_insert_prefix (&prefix_table[link_target], file_name,
102	+ prefix_len, &prefix))
103	{
104	static char const *const diagnostic[] =
105	{
106
107
108
109	1.1 app-arch/cpio/files/digest-cpio-2.9-r1
110
111	file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-arch/cpio/files/digest-cpio-2.9-r1?rev=1.1&view=markup
112	plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-arch/cpio/files/digest-cpio-2.9-r1?rev=1.1&content-type=text/plain
113
114	Index: digest-cpio-2.9-r1
115	===================================================================
116	MD5 e387abfdae3a0b9a8a5f762db653a96d cpio-2.9.tar.bz2 758195
117	RMD160 6fbd93755e266ad7ff9644cb7fe3c3e54d61ac44 cpio-2.9.tar.bz2 758195
118	SHA256 bb9a5fa693a8f4ef4685eb447cea1dc5b787e37c302569928ef74df460724707 cpio-2.9.tar.bz2 758195
119
120
121
122	--
123	gentoo-commits@g.o mailing list

Gentoo Archives: gentoo-commits